vulnerability
Oracle Linux: CVE-2024-26816: ELSA-2024-12606: Unbreakable Enterprise kernel security update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:S/C:P/I:N/A:N) | 2024-04-10 | 2024-10-16 | 2025-05-27 |
Severity
2
CVSS
(AV:L/AC:L/Au:S/C:P/I:N/A:N)
Published
2024-04-10
Added
2024-10-16
Modified
2025-05-27
Description
In the Linux kernel, the following vulnerability has been resolved:
x86, relocs: Ignore relocations in .notes section
When building with CONFIG_XEN_PV=y, .text symbols are emitted into
the .notes section so that Xen can find the "startup_xen" entry point.
This information is used prior to booting the kernel, so relocations
are not useful. In fact, performing relocations against the .notes
section means that the KASLR base is exposed since /sys/kernel/notes
is world-readable.
To avoid leaking the KASLR base without breaking unprivileged tools that
are expecting to read /sys/kernel/notes, skip performing relocations in
the .notes section. The values readable in .notes are then identical to
those found in System.map.
A flaw was found in the Linux kernel due to improper handling of relocations in the `.notes` section of ELF files. This flaw allows an attacker to bypass security mechanisms or corrupt memory.
x86, relocs: Ignore relocations in .notes section
When building with CONFIG_XEN_PV=y, .text symbols are emitted into
the .notes section so that Xen can find the "startup_xen" entry point.
This information is used prior to booting the kernel, so relocations
are not useful. In fact, performing relocations against the .notes
section means that the KASLR base is exposed since /sys/kernel/notes
is world-readable.
To avoid leaking the KASLR base without breaking unprivileged tools that
are expecting to read /sys/kernel/notes, skip performing relocations in
the .notes section. The values readable in .notes are then identical to
those found in System.map.
A flaw was found in the Linux kernel due to improper handling of relocations in the `.notes` section of ELF files. This flaw allows an attacker to bypass security mechanisms or corrupt memory.
Solution
oracle-linux-upgrade-kernel-uek
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.